Question on CISSP

Posted on 2006-11-18
Last Modified: 2008-01-16
I am seeking information.

I have been in networking and involved in network security for 20 years, but I've never taken a security certification exam, with the exception of the SANS GSEC earlier this year. I have found that experience has always carried more weight than the cert. However, there is a job coming up that requires a CISSP and a CISA. If I want to apply I need at least one of the certs. I have the TESTOUT CBT CDs for the CISSP, and I was wondering, for those who have dedicated themselves to studying and successfully passing the CISSP exam, how long did it take?

I could attend a boot camp, for the CISSP, in the very near future and knock this out very quickly.

I would really like to know, for those who have passed the CISSP, how long did it take? I realize the exam covers a pretty broad area. The same information for the CISA would also be helpful.    
Question by:jhhaley

Expert Comment

ID: 17976417
I haven't taken the test (yet) but most of my colleagues have.  Most have devoted a couple of weeks to get through it, so far as I can tell... at least with the "boot camp" option.  It does cover a very broad scope of material AFAIK, and I don't think you'll have to go so in depth as to pull out a lot of math for cryptanalysis.

Author Comment

ID: 17977019
LindyMoff: Thanks for the response, you made the following comment:

"Most have devoted a couple of weeks to get through it, so far as I can tell... at least with the "boot camp" option."

Did you mean that they took a couple of weeks to get through it (exam) in conjunction with a boot camp or did they self study?

For All: The boot camp I was considering is sponsored by Has anyone taken training at this location and were you happy with the training? I am looking at Atlanta for the training location.  
LVL 17

Accepted Solution

Dushan De Silva earned 125 total points
ID: 17977048
Yes, those 10 CDs are very good. They cover most of the things in the 10 domains.
For the CISSP exam you must know things in one square mile, but with only one-inch-deep knowledge.

You must read "SHON HARRIS - CISSP Certification Exam Study Guide" --> it explains things in a very simple manner. One of my friends passed the CISSP by reading only this book.

And another friend of mine (a busy friend) got 655/1000 marks (you need 700 marks to pass). --> He went through only "CISSP Prep Guide"; it covers all the topics in a summarized manner.

But I advise reading "CISSP Official Guide" also.

And if you are very experienced in network (security), I don't think you must attend the boot camp. But you should read at least the above 3 books (at least one book very well). But if you can attend a boot camp, it will be good. But I don't have experience with boot camps.

And if you are planning for a boot camp, I advise you to attend the official boot camp.

You can check the official CISSP web site.
You can register for official boot camps from the ISC2 web site, according to your location. And you must register for the CISSP exam from the same site.

And you can see the current CISSP member list (including their CVs).

And you can have online practice exams from, you can select questions according to the weight of the questions. (CISSP questions have weight 1-5)


BR Dushan

LVL 17

Expert Comment

by:Dushan De Silva
ID: 17977073
I don't know about
I advise you to take official training from ISC2.

You can search examination dates/times/locations from the following link.

Results will show exam dates and official seminar (boot camp) dates.

These official seminars will help, a full 5 days. And seminars are normally scheduled 2-3 weeks before the exam. (Exams are scheduled at the same location.)

BR Dushan
LVL 17

Expert Comment

by:Dushan De Silva
ID: 17977091
After studying, you can check your knowledge/standard.

You can answer questions according to domain. Or you can select multiple domains with the shift key.

BR Dushan

Expert Comment

ID: 17977219
Yeah, I don't know much about ced... but I think so long as you have the study CDs it would probably be just fine.  When I said 2 weeks I meant a week of self-study followed by a week of boot camp (through ISC2) and then the exam.  It's all subjective though :)
LVL 17

Expert Comment

by:Dushan De Silva
ID: 17977381
Yes. If you study hard, two weeks will be enough. But it will depend on you (your way of studying and frequency of capturing the knowledge). After studying you can check your standard via kind of quiz sites. ;)
But I advise studying for at least two months, because it covers a huge area. I mean it does not cover one section deeply; it covers most sections overall. So it will take time to understand some or most of the management concepts, because most of the questions are related to decision making, management, etc. It is not very deep technically. But to make those decisions you should know the technical terms and the usage of technology very well (mostly via experience).

BR Dushan
LVL 18

Assisted Solution

PowerIT earned 175 total points
ID: 17980673
Jhhaley, I was in a very similar situation a while ago. Broad IT experience of almost 20 years, but no certification.
After looking through all possible certifications I chose CISSP because it covers a really broad range of topics, is vendor independent and is highly praised.
Because of my experience I did not want to take a course or follow a boot camp, because of the possibility of lots of overlaps with my own experience. That seemed like wasted time.
Also important for me was passing the first time. I did not want to spend the same time and money again to retake an exam, so I wanted to be very well prepared.
This is what I did:
- Downloaded the study guides from They are free (after registration) and then you'll know what you are up against.
- Bought the following book: "Shon Harris, CISSP All In One Exam Study Guide Third Edition" as my main study guide. It's very clear, easy to follow and the sample questions prepare you very well on the type of questions you will get at the exam.
- Also bought: "The CISSP Prep Guide, Second Edition: Mastering the CISSP and ISSEP™ Exams by Ronald L. Krutz and Russell Dean Vines (Wiley Publishing)" as my secondary study guide. As I did not follow any courses - just self study - I really wanted a second opinion.
- Downloaded the open study guides from , as a third opinion :-)
Then I did a quick run through the Harris' book, just to know what it's all about and where I'm really not up to speed.
After doing that I knew that I would really have to study on security management practices, cryptography and security architectures and models. Because I had the least experience with those.

Then on to studying. I had two months to prepare, while in the same period I had my full-time job + I was teaching 2003 server courses in the evening twice a week.
Used up all my other spare time in that period. After that I felt ready. I estimate that it took me about 200 hours of intense studying. Your mileage may vary, as I also had the language barrier of English. English is my third language, after Dutch and French. FYI, sometimes I took a side track by looking through the recommended readings which you will find in Harris book.
After studying each chapter of Harris' book I took the test questions at the end of each chapter. I kept score. Studying that first book took about three quarters of my time. Next ones go a lot faster.
After finishing that book I read Krutz' book - skipping the ISSEP part - and also took the test questions which are in there. And again I kept score. After two test rounds you will know what you have to work on. I then used the open study guides and did a third round of tests, this time the full test from the CD included with Harris' book. This test prepares you well for the sheer volume of the exam.
Based on my three scores and which questions I did not pass, I then brushed up on the harder topics.
Also, during the studying I made a lot of notes. The day before the exam, I only ran through my own notes as those contained all information I felt I needed, in a condensed form.

I also followed these tips very closely:
It contains sound advice, also for taking the exam itself.

In my opinion, both Harris and Krutz are must reads, but if I had to choose one then I would choose Harris. As a matter of fact I did so. I'm teaching a CISSP course here in Belgium (starting next January) and have chosen Harris' book as the study guide for my students. The course is not a boot camp, as it takes 75 hours (double that of a boot camp) and is spread over 3 months. Because I believe you can only hold your attention for a limited time. And I also make that course more practical by adding ISO 17799 to it, for building a security plan. But that's not a must for passing the exam.
What I'm saying is -  like Dushan - if you can: spread your studying. Don't try to cram it in 2 weeks. And a boot camp alone will certainly not be enough.
If you really have to take it in two weeks, and you have those two weeks completely free, then you might give it a shot. If that's the only time you have, and you are already very experienced, then I would not waste any time on a boot camp. With self study you can adapt much more flexibly to your own knowledge.
Also: take enough breaks and have some relaxing time in between.

BTW, I passed first time :-)

Good luck, and I hope to welcome you as a CISSP very soon. The more security knowledge out there, the better. And it's indeed an excellent career advancer.

